CX XSRF @ or-reserve.php [master] #93

cxronen · 2021-06-30T22:23:22Z

XSRF issue exists @ or-reserve.php in branch master

Method <?php at line 17 of or-reserve.php gets a parameter from a user request from _POST. This parameter value flows through the code and is eventually used to access application state altering functionality. This may enable Cross-Site Request Forgery (XSRF).

Severity: Medium

CWE:352

Checkmarx

Training
Recommended Fix

Lines: 16 17 19 26 45 15

Code (Line #16):

	$roomid = filter_var((isset($_POST["roomid"])?$_POST["roomid"]:""), FILTER_SANITIZE_NUMBER_INT);

Code (Line #17):

	$starttime = filter_var((isset($_POST["starttime"])?$_POST["starttime"]:""), FILTER_SANITIZE_NUMBER_INT);

Code (Line #19):

	$capacity = filter_var((isset($_POST["capacity"])?$_POST["capacity"]:""), FILTER_SANITIZE_NUMBER_INT);

Code (Line #26):

	$altusername = (isset($_POST["altusername"])?$_POST["altusername"]:"");

Code (Line #45):

				$ofvalues[$optionalfield["optionformname"]] = mysql_real_escape_string(isset($_POST[$optionalfield["optionformname"]])?$_POST[$optionalfield["optionformname"]]:"");

Code (Line #15):

	$duration = filter_var((isset($_POST["duration"])?$_POST["duration"]:""), FILTER_SANITIZE_NUMBER_INT);

The text was updated successfully, but these errors were encountered:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CX XSRF @ or-reserve.php [master] #93

CX XSRF @ or-reserve.php [master] #93

cxronen commented Jun 30, 2021

CX XSRF @ or-reserve.php [master] #93

CX XSRF @ or-reserve.php [master] #93

Comments

cxronen commented Jun 30, 2021